- Innovation & Transformation
Keep safe from cyber threats in the age of COVID-19
Staying ahead of cyberthreats is a 24/7/365 job. Find out what you need to watch out for, and how to keep your business safe.
If it feels like you’re reading about a new cyber breach impacting a business every day… it’s because you probably are. Be it Business Email Compromise, Spearphishing, Vishing or any other form of cyber-related fraud, attacks are happening – and succeeding – everyday.
The numbers are staggering. A 2020 study by the Canadian Internet Registry Authority (CIRA) found that eight-in-10 Canadian organizations had faced at least one cyber attack in the year priori.
Cyber threats have been growing as our lives and businesses shift ever more online, and as bad actors see more success with methods like phishing, vishing and smishing, malware and ransomware. This has been especially true during COVID-19 when scammers and fraudsters have worked tirelessly to exploit consumer fears and dispersed workforces for their own personal gain.
In fact, the 2020 CIRA Cybersecurity Report notes that three in 10 Canadian organization say they had seen a spike in the volume of attacked during the pandemicii. And with the average cost of a data breach in Canada reaching a record $6.35 million, it’s time for businesses to take noteiii.
Bad actors have become good organizers
The days of the “hacker alone in a basement” are long over. Those with the technical skills to pose a threat to businesses and consumers alike are getting organized, and have created an entire economy around hacking. The “Dark Web” is filled with forums for bad actors that buy and sell technologies designed to attack businesses – and even have customer support processes in place to make sure their products work as advertised.
“It’s easier for the bad guys than ever before. There’s strong economic incentive, and much less risk,” says Peter Buckley, Head of Technology and Cyber Resilience, HSBC Bank Canada. “This is the age of Malware-as-a-Service, where advanced tools can be bought and sold for cheap and used to attack any organization.”
Tools designed to fool
The two main approaches for hackers today when attacking organizations are social engineering tactics (like phishing, vishing and smishing) and malicious code attacks (like malware and ransomware). And while incidents involving the latter may dominate the news cycle, it’s the former that remains the biggest threat to organizations.
Recent estimates suggest that as much as 91% of all cyber attacks start with a phishing attackiv, designed to steal credentials that can give a cybercriminal access to your network or, more frequently, information that can be used against you.
Sometimes this takes the form of a genuine-looking email and invoice from a “trusted vendor” that turns out to be a spoofed file directing funds to the wrong place. Other times it’s a link in an email that can send you to a phony webpage designed to have you enter sensitive username and password information that bad actors can then use to gain access to accounts like your bank account, work profile or network.
Fight back against fraud and cyber threats
When it comes to cybersecurity, being safe is all about being proactive. Here are three ways you can increase your chances of staying a step ahead of cybercriminals.
1. Develop a plan and practice, practice, practice
Spend time with key personnel and peers and develop a comprehensive plan. Think about what data is most important to your organization, and what data would be most valuable to someone else. Review the protections you have in place and where there could be gaps.
Ensure you have a list of names and numbers of those you’d need to contact in the event of a data breach – and keep a paper copy handy in the event you’re locked out of your systems.
And test your plans. Hold tabletop exercises regularly (once per quarter) to test how you would respond in the event of a real situation. Test your team’s ability to identify phishing, vishing and smishing attempts. This can help prepare you for what you’ve planned for, and also help you uncover important considerations that you didn’t.
2. Keep any hardware and software connected to your network updated
New ways to attack well-known technology are being uncovered everyday. One of the simplest steps to keep your network safe is to ensure any device that can access it — from the servers in your data centre to the laptops and smartphones in the hands of everyone from CEO to customer service representative — are always updated with the latest security patches.
It only takes one weak point for hackers to get into a system, and from there they can cause considerable damage and expense. And if they’ve been successful in attacking once, they’re even more likely to try again and again and again.
3. Protect yourself with education, verification and speed
Companies face a balancing act of trying to grow their organization and protecting it.
Educating employees about what to look out for is the number one way to keep your organization protected from malicious attempts to access your data. Ensuring proper verification and authentication is being incorporated into all processes can provide an added safeguard to help keep your business safe.
Lastly, if it does appear you have fallen victim to a cyber attack – act quickly. Immediately notify your financial partners, the proper authorities and any other party that may be directly impacted by the incident – or that can potentially help to limit the impact of the attack.
When it comes to keeping your business safe from cyber threats, every second - and every effort - counts. More information on ways to minimize fraud and cyber threats, read Keep Safe from Cyber Threats in the Age of COVID-19.
© Copyright HSBC Bank Canada 2021. All rights reserved. No part of this document may be reproduced, stored, distributed or transmitted in any form without the prior written permission of HSBC Bank Canada.
The information presented is not meant to be comprehensive and does not constitute financial, legal, tax or other professional advice. You should not act upon the information contained in this document without first obtaining specific professional advice. While reasonable care has been taken in preparing this document, HSBC does not make any guarantee, representation or warranty (express or implied) as to its accuracy or completeness. The information presented in this document is subject to change without notice.
Certain of the products and services offered by HSBC and its subsidiaries and affiliates are subject to credit adjudication and approval. This document does not constitute an offer to provide the services and products described and the provision of such services and products remains subject to contract.
“HSBC” is a trademark of HSBC Holdings plc and has been licensed for use by HSBC and its affiliates.